pub intempestive
Dernière réponse : dans Sécurité
Bonsoir,
J'ai sans arrêt des pubs intempestives pour un faux anti-spyware. L'antispyware a supprimé plusieurs fois un fichier mais il revient toujours.
Voici le rapport hijackthis et le rapport navilog (apparemment c'est ce qu'il faut envoyer...) :
hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 23:57:04, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
D:\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Spyware Doctor\svcntaux.exe
D:\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Realtek\InstallShield\RTHDCPL.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [SDTray] "D:\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Global Startup: Launch Manager.LNK = C:\Program Files\Launch Manager\QtZgAcer.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Navilog :
Search Navipromo version 3.3.8 commencé le 05/01/2008 à 23:12:19,76
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32
Executé en mode normal
*** Recherche Programmes installés ***
WebMediaPlayer
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Xavier\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Xavier\local settings\application data" *
Fichiers trouvés :
goxohpyqiq.exe trouvé !
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Xavier\local settings\application data" :
goxohpyqiq.dat trouvé !
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 05/01/2008 à 23:28:51,59 ***
Merci d'avance de votre réponse.
J'ai sans arrêt des pubs intempestives pour un faux anti-spyware. L'antispyware a supprimé plusieurs fois un fichier mais il revient toujours.
Voici le rapport hijackthis et le rapport navilog (apparemment c'est ce qu'il faut envoyer...) :
hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 23:57:04, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
D:\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Spyware Doctor\svcntaux.exe
D:\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Realtek\InstallShield\RTHDCPL.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [SDTray] "D:\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Global Startup: Launch Manager.LNK = C:\Program Files\Launch Manager\QtZgAcer.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {67440FA5-C6D8-4A5B-8BB6-308AE0B74361} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Navilog :
Search Navipromo version 3.3.8 commencé le 05/01/2008 à 23:12:19,76
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32
Executé en mode normal
*** Recherche Programmes installés ***
WebMediaPlayer
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Xavier\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Xavier\local settings\application data" *
Fichiers trouvés :
goxohpyqiq.exe trouvé !
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Xavier\local settings\application data" :
goxohpyqiq.dat trouvé !
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 05/01/2008 à 23:28:51,59 ***
Merci d'avance de votre réponse.
Autres pages sur : pub intempestive
Lassé par la pub ? Créez un compte
je vois que tu a plusieurs antispyware:
-SpywareTerminator
-spyware doctor
vire les et télécharge en un plus sérieux
spybot--->http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/26157.html
a+
-SpywareTerminator
-spyware doctor
vire les et télécharge en un plus sérieux
spybot--->http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/26157.html
a+
Salut!
Merci de m'avoir répondu.
Voici le rapport de navilog :
Clean Navipromo version 3.3.8 commencé le 06/01/2008 à 17:37:23,73
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32
Mode suppression automatique
*** Creation backups fichiers trouvés par Catchme ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes réalisée avec succès !
*** Suppression des fichiers trouvés avec Catchme ***
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes supprimé !
** 2ème passage avec résultats Catchme **
* Dans C:\WINDOWS\system32 *
C:\WINDOWS\prefetch\goxohpyqiq*.pf trouvé !
Copie C:\WINDOWS\prefetch\goxohpyqiq*.pf réalisée avec succès !
C:\WINDOWS\prefetch\goxohpyqiq*.pf supprimé !
* Dans "C:\Documents and Settings\Xavier\local settings\application data" *
goxohpyqiq.exe trouvé !
Copie goxohpyqiq.exe réalisée avec succès !
goxohpyqiq.exe supprimé !
goxohpyqiq.dat trouvé !
Copie goxohpyqiq.dat réalisée avec succès !
goxohpyqiq.dat supprimé !
goxohpyqiq_nav.dat trouvé !
Copie goxohpyqiq_nav.dat réalisée avec succès !
goxohpyqiq_nav.dat supprimé !
goxohpyqiq_navps.dat trouvé !
Copie goxohpyqiq_navps.dat réalisée avec succès !
goxohpyqiq_navps.dat supprimé !
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\Xavier\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\Xavier\application data" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer ...suppression...
...\WebMediaPlayer !!ERREUR SUPPRESSION!!
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Xavier\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\Xavier\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
*** Nettoyage terminé le 06/01/2008 à 17:44:29,04 ***
Pour spybot, je l'avais avant mais je l'ai désinstallé et j'ai pris ceux-là parce qu'il avait modifié des trucs (fichiers host) et je pouvait plus me connecter à msn par exemple. J'ai vu que spyware terminator était conseillé sur certains forums...
Merci de m'avoir répondu.
Voici le rapport de navilog :
Clean Navipromo version 3.3.8 commencé le 06/01/2008 à 17:37:23,73
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32
Mode suppression automatique
*** Creation backups fichiers trouvés par Catchme ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes réalisée avec succès !
Copie C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes réalisée avec succès !
*** Suppression des fichiers trouvés avec Catchme ***
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.exe 327680 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq.dat 32768 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_navps.dat 32768 bytes supprimé !
C:\Documents and Settings\Xavier\Local Settings\Application Data\goxohpyqiq_nav.dat 393216 bytes supprimé !
** 2ème passage avec résultats Catchme **
* Dans C:\WINDOWS\system32 *
C:\WINDOWS\prefetch\goxohpyqiq*.pf trouvé !
Copie C:\WINDOWS\prefetch\goxohpyqiq*.pf réalisée avec succès !
C:\WINDOWS\prefetch\goxohpyqiq*.pf supprimé !
* Dans "C:\Documents and Settings\Xavier\local settings\application data" *
goxohpyqiq.exe trouvé !
Copie goxohpyqiq.exe réalisée avec succès !
goxohpyqiq.exe supprimé !
goxohpyqiq.dat trouvé !
Copie goxohpyqiq.dat réalisée avec succès !
goxohpyqiq.dat supprimé !
goxohpyqiq_nav.dat trouvé !
Copie goxohpyqiq_nav.dat réalisée avec succès !
goxohpyqiq_nav.dat supprimé !
goxohpyqiq_navps.dat trouvé !
Copie goxohpyqiq_navps.dat réalisée avec succès !
goxohpyqiq_navps.dat supprimé !
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\Xavier\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\Xavier\application data" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
...\WebMediaPlayer ...suppression...
...\WebMediaPlayer !!ERREUR SUPPRESSION!!
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Xavier\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\Xavier\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
*** Nettoyage terminé le 06/01/2008 à 17:44:29,04 ***
Pour spybot, je l'avais avant mais je l'ai désinstallé et j'ai pris ceux-là parce qu'il avait modifié des trucs (fichiers host) et je pouvait plus me connecter à msn par exemple. J'ai vu que spyware terminator était conseillé sur certains forums...
Lassé par la pub ? Créez un compte
